Rapid7 Blog

Matt Hathaway  

AUTHOR STATS:

81

SIEM Market Evolution And The Future of SIEM Tools

There’s a lot to be learned by watching a market like SIEM adapt as technology evolves, both for the attackers and the analysis.…

RSA Conference 2017 Exhibits - Is Your Artificial Intelligence Only 1.0?

If you walked the RSA Conference floor(s) in San Francisco this year, you probably needed to sit down a few times in passing the 680 vendors - not because of the distance or construction as much as from the sensory overload and Rubik's cube…

Incident Detection and Investigation - How Math Helps But Is Not Enough

I love math. I am even going to own up to having been a "mathlete" and looking forward to the annual UVM Math Contest in high school. I pursued a degree in engineering, so I can now more accurately say that I love…

12 Days of HaXmas: Rudolph the Machine Learning Reindeer

Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the community. And while these gifts…

Displace SIEM "Rules" Built for Machines with Custom Alerts Built For Humans

If you've ever been irritated with endpoint detection being a black box and SIEM detection putting the entire onus on you, don't think you had unreasonable expectations; we have all wondered why solutions were only built at such extremes. As software has evolved and our…

Analytics By Any Other Name: New InsightIDR Detections Released

New detections have been introduced regularly since we first started developing our Incident Detection and Response (IDR) solutions four years ago. In fact, as of today, we have a collection of more than 50 of these running across customer data. But what does that mean?…

SIEM Solutions Don't Detect Attacks, Custom Code And Advanced Analysts Do

This post is the fifth in a series examining the roles of search and analytics in the incident-detection-to-response lifecycle. To read the first four, click here, here, here, and here. While a lot of people may think it's a controversial topic, stating that a SIEM…

Real-Time Discussion On Real-Time Security

In case you haven't yet met someone from Rapid7, you should know that we care about improving security at all companies. We have no interest in selling you products that are going to sit on your shelf, so I recently wore makeup for the first…

Prepare Yourself for Ransomware - No More Snake Oil, Please

Ransomware has hurt more businesses than anyone expected only a year ago. This real threat to your organization could steal a great deal of productivity while systems are “locked” or directly cost the cryptocurrency demanded as ransom. For any organization that's ill prepared, it could…

Vulnerability Management Needs To Stop Slowing Security Improvement

Incremental improvement is great. Nothing, especially in the world of software, is perfect when first released to the market, so iterative improvement is an expectation every customer must have. But problems begin to arise for users when incremental improvement becomes the accepted norm for long…

Compromised Credentials Have a High ROI for Attackers

Given that detecting the use of compromised credentials is at the core of user behavior analytics', and InsightIDR's, focus, I want to explain why compromised credentials are so valuable to attackers. To effectively understand any attacker tools and techniques, we have to put them into…

Attackers Take Advantage Of The Options You Give Them - Malware vs. Credentials

When InsightIDR was purpose-built to detect compromised credentials in the first months of 2014, we did so because we identified a significant gap in detection solutions currently available to security teams. The 2014 Verizon DBIR just happened to subsequently quantify the size of this gap…

Detecting Stolen Credentials Requires Endpoint Monitoring

If you are serious about detecting advanced attackers using compromised credentials on your network, there is one fact that you must come to terms with: you need to somehow collect data from your endpoints. There is no way around this fact. It is not only…

Attackers Prey on Incident Response Bottlenecks

Organizations are taking too long to detect attacks. The average length of time to detect an intruder ranges from 2 months to 229 days across many reports and anecdotal evidence from publicized breaches supports these numbers. This means that attackers are taking advantage of the…

Why Flexible Analytics Solutions Can Help Your Incident Response Team

I happen to despise buzzwords, so it has been challenging for me to use the term "big data security analytics" in a sentence, mostly because I find it to be a technical description of the solutions in this space, rather than an indicator…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Podcast

Security Nation

Security Nation is a podcast dedicated to covering all things infosec – from what's making headlines to practical tips for organizations looking to improve their own security programs. Host Kyle Flaherty has been knee–deep in the security sector for nearly two decades. At Rapid7 he leads a solutions-focused team with the mission of helping security professionals do their jobs.

Listen Now